1
drbowen
Re: Permission Problems with Wiwimod
  • 2008/4/24 20:49

  • drbowen

  • Just popping in

  • Posts: 19

  • Since: 2006/4/28


It looks like I solved this. Somewhere the visible attribute in the wiwimod got switched to "0" on most of the pages. Switching the visibility back to "1" brought everything up.

Sam Bowen
http://www.oemr.org/



2
drbowen
Permission Problems with Wiwimod
  • 2008/4/23 19:07



I have developed a popular web site using XOOPS 2.2.3a. I have the following system and modules:

System:
FreeBSD 6.2
Apache 2.2
PHP 5.2.3 with Suhosin-Patch 0.9.6.2
MySQL 5.2.

Installed modules:
System
Private Messaging
Extended Profiles
Wiwimod
C-Jay Content
News
CBB

I have a permission problem on the Wiwimod where I would like to make all content viewable but new content can only be added by a special group "WikiUsers".

I was having trouble with registered users adding content that was inappropriate and off topic.

I have added permissions for "anonymous" to read the Wiwimod.
I have given read and write permissions to "WikiUsers".
I have added about 5 people to the "WikiUsers" group.

Everything seemed to be working fine. Now none of the users can access the content and get a message:

"Sorry, restricted access page."

I have tried reassigning privileges on the groups. I have tried reassigning privileges on the Wiwimod.

Any ideas or help would be appreciated.

Sam Bowen

http://www.oemr.org/



3
drbowen
Re: XOOPS security
  • 2007/10/27 16:49



No, I do not. I ended up not installing any of the WYSIWYG editors.

When I first installed XOOPS 2.2.3 it was the recommended stable most recent version. It became apparent that a lot of the modules were not compatible with 2.2.3. I remember trying to install one of the WYSIWYG editors, but it didn't work (I don't remember ever trying Spaw).

Later the XOOPS developer group decided to back up and go back to 1.3.10 as the recommended stable release. This has now progressed to 2.0.17.1.

I have been stuck. Reverting 2.2.3a back to 1.3.10 is not very easy. The XOOPS roadmap states that eventually the two branches will be brought back together in 2.4. But I am not sure if and when this will actually occur.

Sam Bowen, MD
www.oemr.org



4
drbowen
Re: HTTP 403 (Forbidden) Can't log on to my site
  • 2007/10/27 15:59



If you change to the public_html directory and type

ls

does it list the index.php?

You might try modifying the script to add a ./ in front of the index.php.

<head><title>Royal Welsh Veterans</title><script type="text/javascript">window.location="./index.PHP";</script></head>

Sam Bowen, MD
www.oemr.org



5
drbowen
Re: HTTP 403 (Forbidden) Can't log on to my site
  • 2007/10/26 21:21



Kevin,

I can see the content of your index.html.

Why don't you replace the contents of index.html with the following:

<head><title>Royal Welsh Veterans</title><script type="text/javascript">window.location="index.PHP";</script></head>

Save and reload.

Sam Bowen, MD
www.oemr.org
another XOOPS site



6
drbowen
Re: HTTP 403 (Forbidden) Can't log on to my site
  • 2007/10/26 20:29



Dear Kevcar,

I was Googling around and found this reference that may have relevance to your situation. Check it out.

http://www.linuxtopia.org/online_books/redhat_selinux_guide/rhlcommon-section-0055.html

On Redhat Enterprise Linux the relevant error messages may relate to the SELinux which imposes a lot of extra restrictions on permissions and access of files. The relevant error messages appear to reside in:

/var/log/messages

What are the names of the directories, in order, from the file root:

/

For instance on my server the web server root is:

/usr/local/www/data/xoops/

This should be listed in the mainfile.php. To answer the question you asked above, open a command line interface and su (change user) to root. From the root prompt (looks like a # sign), type the following:

ls -al public_html

This needs to be executed from the directory where public_html is located.

Sam Bowen, MD
www.oemr.org



7
drbowen
Re: HTTP 403 (Forbidden) Can't log on to my site
  • 2007/10/26 18:32



I need to know what operating system you are running.

Do you know the path to your web server root (where the XOOPS directory is located)?



8
drbowen
Re: HTTP 403 (Forbidden) Can't log on to my site
  • 2007/10/26 15:28



You need to list the permissions on your web server root:

# ls -al /pathtoyoursite/xoops/



9
drbowen
Re: HTTP 403 (Forbidden) Can't log on to my site
  • 2007/10/26 14:04



We could use some more information, such as: do you own your own server, or are you using a colocation site?

Version of XOOPS?

Do you have any security files installed such as

.htaccess

index.html

Have you changed anything on the site or the server configuration?

Is there any information in the web server error logs?

On Linux/Unix using Apache this is usually in:

/var/log/apache/error_log

but varies with your operating system. Windows would have this in the system event log.

Sam Bowen



10
drbowen
Re: XOOPS security
  • 2007/10/26 13:41



Yes, oemr.org.

I appreciate the input a lot.

I have been examining the files with (hopefully) wiser eyes. The malicious files are owned by the apache web server and have the same owner and group permission as my Apache web server process.

To me this implicates a registered user who is posting this somehow using the XOOPS software, possibly using the newbb or the wiwimod to load the malicious software.

I need to start logging which users are posting if possible. This is likely someone very familiar with the behavior of XOOPS to be able to insert the files in the cache/, templates_c/, and updates/ directories using XOOPS and the Apache webserver.

I am running XOOPS 2.2.3a. I have the following modules installed:

System
Private Messaging
Extended Profiles
Wiwimod
C-Jay Content
News
CBB

The files were in

uploads/ Chase Bank scam

cache/ Paypal scam

These were javascripts that redirect users to previously hacked web servers. The user had inserted malicious files into poorly secured web servers (inappropriate file ownership permissions). The Chase Bank scam has already been closed by the owner of the hacked web page. I have contacted the administrator of the site that contains the PayPal scam and asked them to remove the malicious files.

I would like to identify the user and prosecute them if possible.

Any thoughts?

Sam Bowen
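
An added triage example, not part of the original post and not XOOPS code: it sweeps the web-server-writable directories named above for files containing a script redirect, records each file's owner and modification time, and lists the POST requests in an Apache access log that fall close to that time. The log format (common/combined), the two-minute window, the sample log lines and the URLs in them are assumptions constructed for illustration.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Web-server-writable XOOPS directories named in the post.
WRITABLE_DIRS = ("cache", "templates_c", "uploads")
# Script or meta redirects; hits need manual review, compiled templates can match too.
REDIRECT_RE = re.compile(rb"window\.location|location\.href|http-equiv=[\"']?refresh", re.I)
# Apache common/combined log prefix: client, timestamp, method, URL.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

# Constructed sample access-log lines (documentation IP ranges, made-up URLs).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Oct/2007:03:14:09 +0000] "GET /modules/news/ HTTP/1.1" 200 5120',
    '203.0.113.45 - - [26/Oct/2007:03:15:02 +0000] "POST /modules/example/submit.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [26/Oct/2007:09:40:00 +0000] "POST /user.php HTTP/1.1" 302 0',
]

def find_suspect_files(xoops_root):
    """Return (path, owner uid, mtime UTC) for files in WRITABLE_DIRS containing a redirect."""
    hits = []
    for sub in WRITABLE_DIRS:
        for dirpath, _dirs, names in os.walk(os.path.join(xoops_root, sub)):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(65536)
                    st = os.stat(path)
                except OSError:
                    continue  # unreadable or vanished file: skip, do not abort the sweep
                if REDIRECT_RE.search(head):
                    mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                    hits.append((path, st.st_uid, mtime))
    return hits

def posts_near(log_lines, when, window=timedelta(minutes=2)):
    """Return (client, timestamp, url) for POST requests within `window` of `when`."""
    found = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group(3) != "POST":
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - when) <= window:
            found.append((m.group(1), ts, m.group(4)))
    return found
```

A file's modification time can be changed after the fact, so a match is a lead to check against the application's own records rather than proof of who wrote the file.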



